inspec/lib/resources/passwd.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Christoph Hartmann
# author: Dominik Richter
# license: All rights reserved

# The file format consists of
# - username
# - password
# - userid
# - groupid
# - user id info
# - home directory
# - command

# usage:
#
# describe passwd do
#   its(:usernames) { should eq ['root'] }
#   its(:uids) { should eq [0] }
# end
#
# describe passwd.uid(0) do
#   its(:username) { should eq 'root' }
#   its(:count) { should eq 1 }
# end

require 'utils/parser'

class Passwd < Inspec.resource(1)
  name 'passwd'
  desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'
  example "
    describe passwd.uid(0) do
      its('username') { should eq 'root' }
      its('count') { should eq 1 }
    end
  "

  include PasswdParser

  attr_reader :uid
  attr_reader :parsed

  def initialize(path = nil)
    @path = path || '/etc/passwd'
    @content = inspec.file(@path).content
    @parsed = parse_passwd(@content)
  end

  # call passwd().uid(0)
  # returns a seperate object with reference to this object
  def uid(uid)
    PasswdUid.new(self, uid)
  end

  def usernames
    map_data('name')
  end

  def passwords
    map_data('password')
  end

  def uids
    map_data('uid')
  end

  def gids
    map_data('gid')
  end

  def to_s
    '/etc/passwd'
  end

  private

  def map_data(id)
    @parsed.map {|x|
      x[id]
    }
  end
end

# object that hold a specifc uid view on passwd
class PasswdUid
  def initialize(passwd, uid)
    @passwd = passwd
    @users = @passwd.parsed.select { |x| x['uid'] == uid.to_s }
  end

  def username
    @users.at(0)['name']
  end

  def count
    @users.size
  end
end
update copyright header 2015-07-15 13:15:18 +00:00			`# encoding: utf-8`
			`# copyright: 2015, Vulcano Security GmbH`
add author header 2015-10-06 16:55:44 +00:00			`# author: Christoph Hartmann`
			`# author: Dominik Richter`
update copyright header 2015-07-15 13:15:18 +00:00			`# license: All rights reserved`
add description for passwd file format 2015-07-15 13:15:53 +00:00
			`# The file format consists of`
			`# - username`
			`# - password`
			`# - userid`
			`# - groupid`
			`# - user id info`
			`# - home directory`
			`# - command`

improve handling on uid data view 2015-09-05 17:05:18 +00:00			`# usage:`
			`#`
			`# describe passwd do`
remove dup method users, use usernames, fix example 2015-10-31 22:07:53 +00:00			`# its(:usernames) { should eq ['root'] }`
			`# its(:uids) { should eq [0] }`
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`# end`
			`#`
			`# describe passwd.uid(0) do`
			`# its(:username) { should eq 'root' }`
			`# its(:count) { should eq 1 }`
			`# end`

externalize passwd parser 2015-10-04 15:59:13 +00:00			`require 'utils/parser'`

rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`class Passwd < Inspec.resource(1)`
migrate passwd and processes Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 19:27:35 +00:00			`name 'passwd'`
add inline documentation 2015-11-27 13:02:38 +00:00			`desc 'Use the passwd InSpec audit resource to test the contents of /etc/passwd, which contains the following information for users that may log into the system and/or as users that own running processes.'`
			`example "`
			`describe passwd.uid(0) do`
			`its('username') { should eq 'root' }`
			`its('count') { should eq 1 }`
			`end`
			`"`
add passwd support 2015-07-14 22:47:17 +00:00
more fine-grained utils parser 2015-12-31 00:01:11 +00:00			`include PasswdParser`
externalize passwd parser 2015-10-04 15:59:13 +00:00
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`attr_reader :uid`
			`attr_reader :parsed`
add passwd support 2015-07-14 22:47:17 +00:00
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`def initialize(path = nil)`
migrate passwd and processes Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 19:27:35 +00:00			`@path = path \|\| '/etc/passwd'`
rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`@content = inspec.file(@path).content`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`@parsed = parse_passwd(@content)`
migrate passwd and processes Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 19:27:35 +00:00			`end`

improve handling on uid data view 2015-09-05 17:05:18 +00:00			`# call passwd().uid(0)`
			`# returns a seperate object with reference to this object`
			`def uid(uid)`
			`PasswdUid.new(self, uid)`
refactor types 2015-07-26 10:30:12 +00:00			`end`
add description for passwd file format 2015-07-15 13:15:53 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`def usernames`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`map_data('name')`
refactor types 2015-07-26 10:30:12 +00:00			`end`
add description for passwd file format 2015-07-15 13:15:53 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`def passwords`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`map_data('password')`
refactor types 2015-07-26 10:30:12 +00:00			`end`
add description for passwd file format 2015-07-15 13:15:53 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`def uids`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`map_data('uid')`
refactor types 2015-07-26 10:30:12 +00:00			`end`
add passwd support 2015-07-14 22:47:17 +00:00
refactor types 2015-07-26 10:30:12 +00:00			`def gids`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`map_data('gid')`
refactor types 2015-07-26 10:30:12 +00:00			`end`
add passwd support 2015-07-14 22:47:17 +00:00
add to_s methods to resources, fixes #98 2015-10-12 11:01:58 +00:00			`def to_s`
			`'/etc/passwd'`
			`end`

migrate passwd and processes Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 19:27:35 +00:00			`private`

rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`def map_data(id)`
			`@parsed.map {\|x\|`
			`x[id]`
			`}`
			`end`
refactor types 2015-07-26 10:30:12 +00:00			`end`
improve handling on uid data view 2015-09-05 17:05:18 +00:00
			`# object that hold a specifc uid view on passwd`
			`class PasswdUid`
			`def initialize(passwd, uid)`
			`@passwd = passwd`
lint 2016-01-15 02:59:00 +00:00			`@users = @passwd.parsed.select { \|x\| x['uid'] == uid.to_s }`
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`end`

			`def username`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`@users.at(0)['name']`
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`end`

			`def count`
rewrite passwd resource to extract parser 2015-10-04 15:49:00 +00:00			`@users.size`
improve handling on uid data view 2015-09-05 17:05:18 +00:00			`end`
			`end`